Application Security Specialist at Vodafone Ghana

Key Accountabilities

• Provide supervisory technology security assurance, guidance, and support to the Vodafone Ghana (VFGH) team as well as Vodacom Group & Vodafone Group where needed.
• Ensure that applications and services are secured and implemented with best security practices.
• Defining, implementing, and efficiently maintaining technology security controls and requirements.
• Ensure timely delivery of technology security assurance and support for projects.
• Provide SME input to technical analysis, design, of application and digital systems.
• Provide accurate and timely reporting of technology security risks identified during project engagement and propose remediation and mitigation options.
• Participate in creation and execution of technology security strategy.
• Leads the application security program, defines standards, policies, and procedures, and coordinates with Technology teams to implement and maintain integrated applications.
• The role requires the individual to monitor information security governance, risk, and compliance by Vodafone Ghana Corporate IT, Mobile and Enterprise Business domains.
• Engage with the stakeholders on control effectiveness and deficiencies in the design and operating effectiveness of information security controls, design and recommend opportunities for continuous improvement.
• Interpret and manage the controls and capabilities required for VFGH to establish and comply with an information security management system in alignment with information security international best practice and/or industry standard(s).
• Develop, manage, and implement the Vodafone information security audit and assurance plans and schedules, including any specific business needs and requirements (including PCI, ISO27001, GDPR, POPIA, Cyber Crime Bill).
• Manage and conduct formal information security risk analyses, reviews, tests, audits and/or self-assessments.
• Design appropriate remedial actions for identified risks, drive remediation of findings and management of risks and exemptions.

Core Competencies, Knowledge and Experience

• Bachelor’s Degree in Computer Science, Information Security, Engineering or Technology or other related fields.
• Minimum of 5+ years of experience in Tech Security role.
• Foundation experience and reasonable understanding of network stack, network protocols
• Web Security & Encryption
• Secure coding and Security Testing knowledge (SAST and DAST), Vulnerability management
• Understanding of OWASP top ten web application security risks
• Understanding of network security (incl. IDS/IPS, WAF, DLP Anti-malware, URL/content filtering, SIEM, others)
• Knowledge of Windows, UNIX and Linux operating systems.
• Practices and methods of enterprise architecture and security architecture
• Application and Network security architecture development and definition.